Merge pull request #16 from dtgay/0.1.11

0.1.11
author: David Gay <david@davidgay.org> 2021-06-16 20:49:59 -0400
committer: GitHub <noreply@github.com> 2021-06-16 20:49:59 -0400
commit: 6dfaa7453591910e1373d92d8a09ddf384ebe834 (patch)
tree: ccec71ec425808ea82a3bfbcd36490f1cdcb666d /app/controllers/characters/items_controller.rb
parent: 007896b0057b8aecbf74dddd269b57efe3f6e0e6 (diff)
parent: 0d6a82102061ff58b7ba34b09c4be9687c21ab2a (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/app/controllers/characters/items_controller.rb b/app/controllers/characters/items_controller.rb
index 470e21c..e38b69a 100644
--- a/app/controllers/characters/items_controller.rb
+++ b/app/controllers/characters/items_controller.rb
@@ -1,6 +1,7 @@
 class Characters::ItemsController < ApplicationController
+  before_action :set_character, only: :index
+
   def index
-    @character = Character.find(params[:character_id])
   end
 
   def equip
@@ -66,4 +67,13 @@ class Characters::ItemsController < ApplicationController
       redirect_to character_items_path(current_char)
     end
   end
+
+  private
+    def set_character
+      @character = Character.find(params[:character_id])
+      unless current_char == @character
+        flash[:alert] = "You can only look at your own items."
+        redirect_to character_path(@character)
+      end
+    end
 end
author	David Gay <david@davidgay.org>	2021-06-16 20:49:59 -0400
committer	GitHub <noreply@github.com>	2021-06-16 20:49:59 -0400
commit	6dfaa7453591910e1373d92d8a09ddf384ebe834 (patch)
tree	ccec71ec425808ea82a3bfbcd36490f1cdcb666d /app/controllers/characters/items_controller.rb
parent	007896b0057b8aecbf74dddd269b57efe3f6e0e6 (diff)
parent	0d6a82102061ff58b7ba34b09c4be9687c21ab2a (diff)